Enable DNS over HTTPS in Any Browser — Chrome, Firefox, and Edge

Q: What is the difference between DNS over HTTPS and DNSSEC?

DoH encrypts DNS queries in transit so no one can eavesdrop. DNSSEC signs DNS responses cryptographically so the answer cannot be tampered with. They solve different problems and can run simultaneously without interfering with each other.

Q: Will enabling DoH break my parental controls?

It can if your parental controls work by intercepting DNS at the router or ISP level. The fix is to set your DoH provider to your parental control service's own DoH endpoint (such as CleanBrowsing's family filter) so queries stay filtered even when encrypted.

Q: Can I enable DoH on my router instead of browser by browser?

Yes, and it is more thorough. Router-level DoH protects every device on your network automatically, without touching individual browsers. Many Asus and Netgear routers support it natively in the DNS settings — look for a DNS over HTTPS or Encrypted DNS option in your router admin panel.

Every time you visit a site, your browser sends a DNS request to translate the domain name into an IP address. That request travels in plain text by default — your ISP, a coffee shop Wi-Fi operator, or anyone else watching the network can see exactly which domains you’re looking up. Enabling DNS over HTTPS (DoH) encrypts those lookups so only you and your chosen DNS provider can read them.

Chrome, Firefox, and Edge all support DoH natively today — no extension, no app, and no router change required. I’ve had it running across all three browsers for over a year without a single compatibility issue. Here’s how to turn it on in each one.

Quick Answer

To enable DNS over HTTPS, open your browser’s security settings and turn on Secure DNS (Chrome/Edge) or DNS over HTTPS (Firefox), then pick Cloudflare or Google as your resolver. The whole process takes about 60 seconds and encrypts every DNS query your browser makes from that point on.

What Is DNS over HTTPS — and Why Should I Enable It?

Standard DNS sends lookup queries unencrypted over port 53. Anyone with access to your network traffic can log every domain you request — even when the sites themselves use HTTPS. DoH wraps each query in an encrypted HTTPS connection, so it blends in with normal web traffic and can’t be read in transit.

The practical result: your ISP loses the ability to build a detailed map of your browsing habits from DNS alone. On public Wi-Fi, that’s especially valuable since you can’t trust who controls the network.

Does it slow my browser down?

Not in practice. Cloudflare’s 1.1.1.1 resolver is among the fastest globally, and the added encryption adds only a few milliseconds on the first query per session — nothing you’d notice while browsing.

DoH encrypts your browser’s domain lookups so ISPs and public-network operators can no longer log which sites you’re requesting.

How Do I Enable DNS over HTTPS in Chrome?

Click the three-dot menu in the top-right corner, then click Settings.
In the left sidebar, select Privacy and security, then click Security.
Scroll to the Advanced section and find Use secure DNS.
Toggle it on. From the dropdown, choose a provider — I use Cloudflare (1.1.1.1) for its speed and strict no-logging policy.
Changes save immediately. No restart needed.

Pro tip

If the toggle is grayed out, a work or school admin policy is locking the setting. You won’t be able to override it from the browser — ask your IT department to enable DoH at the network level instead.

Chrome’s Secure DNS toggle takes under 30 seconds to flip on and needs no extensions or account sign-in.

How Do I Enable DNS over HTTPS in Firefox?

Firefox gives you three protection levels — more granular control than any other major browser.

Click the hamburger menu (≡), then Settings.
Select Privacy & Security in the left panel and scroll down to the DNS over HTTPS section.
Under Enable DNS over HTTPS using, choose a protection level:
- Default Protection — uses DoH when available, falls back to standard DNS if not.
- Increased Protection — DoH only, with fallback to standard DNS if the resolver fails.
- Max Protection — DoH only; Firefox blocks the page entirely rather than falling back. This is what I run on my personal laptop.
Select a provider from the dropdown. Cloudflare is the default; NextDNS lets you build a custom filtering dashboard for free (300,000 queries per month on the free tier).

Firefox’s Max Protection mode guarantees DNS never travels unencrypted — at the cost of blocking pages outright if your DoH resolver goes offline.

How Do I Turn On Secure DNS in Microsoft Edge?

Click the three-dot menu (…), then Settings.
Open Privacy, search, and services in the sidebar.
Scroll to the Security section and toggle on Use secure DNS to specify how to look up the network address for websites.
Select Choose a service provider and pick Cloudflare, Google, or another option from the list.

Troubleshooting tip

If Edge reverts to unencrypted DNS after a reboot, a third-party antivirus or VPN client is likely overriding DNS at the OS level. The browser-level DoH setting has no effect in that case — you’ll need to set DoH in Windows network settings or on your router directly.

Edge’s Secure DNS steps mirror Chrome’s almost exactly, so you can configure both browsers in under two minutes total.

Which DNS over HTTPS Provider Should I Use?

Provider	Logs queries?	Best for
Cloudflare 1.1.1.1	No (purged in 24 h)	Speed and strong privacy
Google Public DNS	Limited (purged in 48 h)	High reliability
NextDNS	Optional	Custom filtering dashboard
OpenDNS	Yes (anonymized)	Family and content filtering
AdGuard DNS	No	Ad blocking at the DNS layer

For most people, Cloudflare is the right default — it’s fast, independently audited, and publicly committed to not selling your data. If you want per-device filtering controls, NextDNS’s free plan is worth setting up. For a broader comparison of how Chrome, Firefox, and Edge handle your privacy overall, see Chrome vs Edge vs Firefox: Which Browser Respects Your Privacy Most.

Cloudflare 1.1.1.1 is the best default for most users — independently audited, free, and consistently the fastest resolver in global benchmarks.

What Mistakes Should I Avoid With DNS over HTTPS?

Thinking DoH covers all your apps. Browser DoH encrypts DNS only inside the browser. Email clients, games, and other apps still use OS-level DNS. For whole-device protection, also set DoH in Windows network settings — my guide on changing your DNS server for faster, safer browsing walks through that step.
Picking an obscure provider. Your DoH resolver sees all your browser DNS queries in plain text. Stick to providers with published privacy policies and third-party audits rather than a random resolver you found online.
Confusing DoH with a VPN. DoH encrypts only the DNS lookup. Your IP address and the server names in TLS handshakes are still visible to your ISP. Use a VPN if you need to hide the connection itself, not just the lookup.
Breaking work or parental filters. Corporate networks and parental controls often rely on DNS interception to enforce filtering. DoH bypasses those filters. Disable it on work-managed devices unless your IT team has approved it.
Forgetting mobile browsers. Chrome and Firefox on Android support DoH in the exact same settings locations as their desktop counterparts. Public Wi-Fi on mobile carries the same risk — enable DoH there too.

Frequently Asked Questions

Does DNS over HTTPS affect how fast pages load?

Not noticeably. Cloudflare 1.1.1.1 responds in under 20 ms from most locations — on par with or faster than the average ISP resolver. I’ve run speed tests before and after enabling DoH and never measured a meaningful difference in page load times.

Is DoH the same as a VPN?

No. A VPN encrypts all your traffic and hides your IP address. DoH only encrypts the DNS lookup step — think of it as one privacy layer rather than a full anonymity solution. For public Wi-Fi safety you ideally want both, but DoH alone is still a worthwhile upgrade.

What is the difference between DNS over HTTPS and DNSSEC?

DoH encrypts DNS queries in transit so no one can eavesdrop on them. DNSSEC signs DNS responses cryptographically so you know the answer wasn’t tampered with. They solve different problems and can run at the same time — enabling one doesn’t interfere with the other.

Will enabling DoH break my parental controls?

It can, if your parental controls work by intercepting DNS at the router or ISP level. The fix is to set your DoH provider to your parental control service’s own DoH endpoint — for example, CleanBrowsing’s family filter — so queries stay filtered even when encrypted.

How do I check that DoH is actually working?

Visit 1.1.1.1/help — Cloudflare’s official check page — immediately after enabling the setting. It shows whether your DNS queries are encrypted and confirms which resolver is handling them. Takes about five seconds.

Can I enable DoH on my router instead of browser by browser?

Yes, and it’s more thorough. Router-level DoH protects every device on your network automatically, without touching individual browsers. Many Asus and Netgear routers support it natively in the DNS settings — look for a “DNS over HTTPS” or “Encrypted DNS” option in your router’s admin panel.

Conclusion

Enabling DNS over HTTPS is one of the quickest privacy upgrades you can make — under a minute, completely free, and nothing breaks. Start with Chrome or Edge’s Secure DNS toggle and pick Cloudflare as your resolver. If you want filtering control on top of encryption, set up NextDNS in Firefox. Open your browser settings right now and lock down your DNS queries.